{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a8da122c-7caa-50cc-a20e-5a2a954f17a9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5", "type": "library", "group": "org.apache.tomcat", "name": "tomcat", "version": "9.0.75-tuxcare.5", "purl": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:67151f40-ae66-555d-acd9-77ddded8d75b", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f8cc0627-a85e-515a-89b1-d5dc8ec5689e", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2f7b069d-f13a-5688-a81d-016f29441307", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9fbe9e01-16a4-55c0-8cf4-5c98d0ef91db", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:01307318-1c9c-5d54-b839-e58c2275fa52", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6ad00af1-640a-5b4d-a513-1e45714165ab", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:eb8c555b-1fd2-5a3a-8006-3e0aa9b01810", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a62c3e9f-887e-55df-8f34-d41a9f15cc6e", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7dd7831c-8e20-5465-8a8d-c52dbd91da6b", "id": "CVE-2023-41080", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-41080 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:36de1dcd-15c5-589d-a422-22ea163652ab", "id": "CVE-2023-42794", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-42794 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6fce8873-bdd8-5054-a649-a6be55b7384f", "id": "CVE-2023-42795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-42795 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f06a76e4-f96b-5b28-9ed7-e7a0eec49c25", "id": "CVE-2023-44487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-44487 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c6200d02-d7e6-5426-9b96-f302662f96c2", "id": "CVE-2023-45648", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45648 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6a4ae84b-82e2-5574-8867-7045b3f110fa", "id": "CVE-2023-46589", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-46589 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:eb5979a5-0f23-50ad-aaed-64354f2143e4", "id": "CVE-2024-23672", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-23672 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:954c249e-5298-501b-b53d-fdca489b6fce", "id": "CVE-2024-24549", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-24549 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:79b9344a-7ce1-513d-b955-f17c48cfb8cf", "id": "CVE-2024-34750", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34750 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:05b42c1a-4012-5c33-b824-7c511f4ae92a", "id": "CVE-2024-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38286 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6db2f433-a280-5425-ba9c-3de9246d9101", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:57cbd840-faad-594a-bc3d-08671949ca17", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5d4ea88e-924a-5b6d-9f48-38da5108e5dc", "id": "CVE-2024-54677", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-54677 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2fb907b4-d963-58fe-abcd-7258c962c836", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:94757a65-5701-594f-ab5c-3173552fa629", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f2bc38c4-2251-5293-bb8e-7c6fe6d5643e", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b548ce89-4f61-5f8e-9360-c8d40bc105d4", "id": "CVE-2025-31651", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31651 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:76c5e0b8-fedf-5b63-97c7-f36fbf163d9d", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:906d9053-404d-5c9a-b29a-132cc27ad6b0", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d278e382-4d93-52eb-9072-46a64c9d17dd", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:164cd2cb-8f83-50d6-a1e2-5ec969b9579c", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d50b3b5c-fd2c-5ffd-aaf5-9a62c338f4c9", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b94b1055-8b79-589c-b813-ca29154e0c55", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3ad59d6d-b07a-5760-bea2-9cb88d0c5dd8", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8ef31a25-59d5-5441-8d82-2c5a6080ce29", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b5932131-875e-5e4c-a618-b734d76a9154", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:282d9b9b-f504-515b-aa88-0f0834ac1be2", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ec0e5d8b-e1e5-5a6c-9e29-a64bdb9a73c8", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7b47f9e4-fd00-5f45-afc9-72150edb5926", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3a0a03ec-a8e2-5a6b-8eea-5f2414ad2d60", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:16f0afab-4f81-5901-88e2-241c4c68a54e", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:aa3617bb-cefd-581e-9dd6-60bdba080c25", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:84bed8e8-f4fe-5c7c-a349-3d9cdf25898e", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a861b94-c544-59e5-9760-941b7056490c", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:add39ea8-d663-5996-b9a8-617776a10c6b", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6aa305af-c2e4-58f0-a3ab-31e7542ae13e", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3626df19-b700-58f7-b57e-39d09c319953", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 9.0.75-tuxcare.5 of org.apache.tomcat:tomcat." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat@9.0.75-tuxcare.5" } ] }